|
|
| |
Running Commands with SSI
SSIs can be used to include content from virtually any command that can
be run on your operating system. Want to display, who is working logged
on you OS? try....
| |
<!--#exec cmd="/usr/bin/who"-->
|
|
| |
Format it between a couple of <pre></pre> pairs and you get:
| |
king ttyp0 Apr 14 10:14 (picard)
tracey ttyp1 Apr 14 08:52 (158.76.180.7:0.0)
king ttyp2 Apr 14 10:14 (picard:0.0)
irfan ttyp3 Apr 14 23:23 (158.76.102.131)
erlend ttyp4 Apr 15 11:19 (striker)
tonys ttyp6 Apr 15 12:13 (158.76.102.65:0.)
ccampbel ttyp7 Apr 15 14:58 (blob)
jkissel ttyp8 Apr 15 15:49 (jaunty)
|
|
| |
Alternatively, we can run our hello.pl script
| |
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<html><head><title>hello world</title></head>";
print "<body><h1>Hello World</h1></body></html>";
|
|
| |
in-line and combine it with
this document by including the following:
| |
<!--#exec cgi="/cgi-bin/hello.pl"-->
|
|
| |
with predicable results
| |
|
|
| |
Useful? Well maybe. Dangerous? Yes and no depending on how much freedom you give
you users, and how well you have your security screwed down.
You can enable server side includes, but selectively disable exec with
the following.
| |
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you (or at least, not yet).
Options Indexes FollowSymLinks IncludesNOEXEC
|
|
| |
You might want to user either <Directory> or <Location> to
limit which directories or locations have access to SSIs.
|
|